At the DerbyCon 2.0 conference, security experts Laszlo Toth and Ferenc Spala presented a range of attacks on Oracle databases and SQL servers, some of which were previously unknown; at the same time, they even released suitable tools to exploit them.

In "Hacking the Oracle Client", Laszlo Toth demonstrated that, although Oracle saves the user name and password for a database connection in encrypted form in the client's main memory, this data remains in memory after the session has ended and can easily be decrypted. A trojan, for example, could exploit this to harvest plain-text passwords from the client; this was impressively demonstrated by the ocioralog Meterpreter extension.
